Posted 27 April 2011

Clarifying a Few PSN Points

Share this post

We wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion 19th April and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly yesterday evening.

Update: Due to ongoing work to bring PSN back online there will be no scheduled content publish this week for PlayStation Store or PS Home. We will resume our scheduled publishing as we bring services online again.

100 Comments

7 Author replies

You dont seem to be replying to anything, but is it possible to get an ETA of when PSN will be working again?

Not specific, but days, a week, weeks and so forth, a rough estimate please.

Some of us have subscription services like Lovefilm that is used on PS3 and needs PSN signed in, if is going to be weeks before PSN is back may as well be cancelled for now, but if just some days or 1 week probably not worth cancelling.

I appreciate that we have not been as responsive as usual here on the blog and please accept my personal apologies for that. I don’t need to tell you of the sensitivity of this situation. However, I promise that we have been working around the clock and we have posted any new information as quickly as has been humanly possible. We are working towards getting things back to normal and that includes maintaining an open and accurate dialogue with our consumers.

Last week when this mess started and people where worried all you had to say was “hey we have no confirmation at this point if user data was compromised but since we haven’t ruled it out ether we recommend that worried users change there passwords and keep a eye on there credit card transactions until we have done a full investigation”

Now we find out a week later that yes user data was leaked but thats a week to late to if someone has spend £1000 pounds on your credit card or something.

Mr Head of Communications I hope you get sacked over your complete lack of common sense when dealing with this situation.

What makes Sony look so bad is the silent treatment you have been giving us from day one. Facts are you knew that your system was compromised, you did say a thing about till days later and even then didn’t tell us you suspected personal information might have been compromised.Sony you dropped the ball big time on this, you should fire your PR department because they don’t have a [DELETED] clue what they are doing, and totally screwed you in this.

hope you can get everything sorted soon sony. if you could give us a rough time on when the psn is back up that would be great. also can you give us info on whats going to happen with the store update? thank you. p.s. anyone moaning about how long it took sony to tell us about the safety of our info, they only found out two days ago that are info was not safe and they told us the next day which is fast enough for me. they knew they got hacked but only found out peoples info may have been stolen days later.

I know we keep saying the same thing and that can be frustrating but we can’t give out times until we know they are accurate. When they are, they will be here on the blog; that’s the one thing I can promise.

Exactly what I have been telling raging friends on twitter and kotaku.com.

It’s more than a little cynical to think Sony would attempt to cover this kind of information up. Obviously, the delay was due to the fact you can’t pull that kind of information out of the air, how exactly does one know if information has been downloaded in a hacker attack?

I can understand the frustrations but if anything it should be the hacker getting all the blame here. Why these guys can’t simply just leave things alone. I’m sure Microsoft and Nintendo would have reacted the same way as Sony if it had happened to their services. I hope the hackers are tracked down and jailed.

identity theft has been on the up for yrs in the past month or too here is just a few companies

Earlier this month, US firm Epsilon, which manages data for companies including Barclaycard, Citigroup and hotel chain Marriott, confirmed that millions of email addresses had been stolen in an attack on its servers. However, the data stolen in this case was limited only to email addresses.

In March, online retailer Play.com warned that customer emails and some personal information had been stolen, though the company stressed that credit card details were safe. In January, cosmetics firm Lush admitted that credit card details belonging to some of its customers had been stolen in the run-up to Christmas. The company advised customers to contact their bank.

We are sending out emails to every PSN member, but sending that quantity is quite a big job so we decided to post it here and on playstation.com so that everyone has access to it at the same time, which was then reported on.

Why didn’t you tell us that an extern team was looking at the breach when you put them on the case? Why didn’t you tell us then that our passwords & cc details might have been compromised (I mean, that was what this team was looking at, no?)? By now they might have already used our passwords & cc details.

Your PR is terrible.

As are your safety measures, especially when a group of hackers announces beforehand that they’ll try hacks (even when it wasn’t them now).

thanks for clearing up the misunderstanding some people have had over comunication.

keep up the hard work on restoring the network and implementing the new security features. We want to see the network up and running again and as a fan of gaming let alone Sony we hope this doesnt damage your reputation too much and that you continue to provide great eperience in great ways. If Sony fails the gaming industry as a whole will be a much poorer place.

As for people constantly hammering you guys, these people need to get to grips. Sony have advised the best course of action. instead of ranting over sackings and poor service blah blah blah, use your common sense, take their advice and wish PSN services a speedy recovery.

You knew from the beginning that our data was compromised because you knew how weak your security system was/is or whatever. This pseudo-statement it’s just you, sony, trying trying to apologize the way you did things and to avoid legal charges against for not warn us in time.

Sorry but, you will not avoid anything and you will always be found guilty in court. Should of thought in your consumers first.

Im not being supportive either cause right not I hate Sony. So dont thank me for that either cause you dont have my support. I just want someone tro answer the comments and for you guys to do your freaking jobs right from the beginning.

Meh I just want the hacker group to get caught and then they’ll get to pay us users for what they done. And don’t let them off the hook like you did with Hot<.Imagine them getting caught, their lives will be totally smashed paying off their crimes for the rest of their lives.

i’ll second that chocobo. REALLY want these criminals caught & made to pay for what they’ve done. its not sonys fault they did this & for all those that keep constantly complaining & cosntantly saying they are going to get an xbox then please go away & do so!

here is discovery of how Sony extracts data from your PS3s. They DO NOT ENCRYPT your credit card information, and the following shows how anyone with access to the servers can see and use your credit information for fraud, hackers or sony employees alike.

Everything contained within _”example”_ in the reality is replaced with your actual information. It would be very easy to write this information down, and to exploit it for credit fraud on the internet. They also do not encrypt your PSN accounts.

here is discovery of how Sony extracts data from your PS3s. They DO NOT ENCRYPT your credit card information, and the following shows how anyone with access to the servers can see and use your credit information for fraud, hackers or sony employees alike.

Everything contained within _”example”_ in the reality is replaced with your actual information. It would be very easy to write this information down, and to exploit it for credit fraud on the internet. They also do not encrypt your PSN accounts.

Hey PSN. I am hanging in there. I am going to admit it is getting tough. I am taking abuse daily from people who own 360’s. I am not going to defect, ever. I just hope this thing is resolved soon.Next week is the PS+ update so I can only assume you are aiming to have it fixed by then?

I posted on the store update the 20th asking what was wrong with psn as I had been getting booted from both geonet (white knight chronicles server) and psn – the same thing was happening to a person I was playing with who lived in the states. Once I stopped playing an mp game I was able to stay on psn until midnight (then the 21st) when I left by choice

so they knew that somewhere between the 17th and 19th details had been compromised – that’s up to 4 days before turning off the psn- add on top of that the 6 days psn was down – before any statement about details, cc info being breached – that is nearly 2 weeks

whats even more serious isn’t the cc information which can be changed – it’s the possibility and likelihood of identity theft (and yes other companies have had info breached) but Play never had my birthday along with my other details and now I’m expected to pay for credit reports to insure my details aren’t used or is Sony going to be paying for that as it was their lousy sec...

I posted on the store update the 20th asking what was wrong with psn as I had been getting booted from both geonet (white knight chronicles server) and psn – the same thing was happening to a person I was playing with who lived in the states. Once I stopped playing an mp game I was able to stay on psn until midnight (then the 21st) when I left by choice

so they knew that somewhere between the 17th and 19th details had been compromised – that’s up to 4 days before turning off the psn- add on top of that the 6 days psn was down – before any statement about details, cc info being breached – that is nearly 2 weeks

whats even more serious isn’t the cc information which can be changed – it’s the possibility and likelihood of identity theft (and yes other companies have had info breached) but Play never had my birthday along with my other details and now I’m expected to pay for credit reports to insure my details aren’t used or is Sony going to be paying for that as it was their lousy security that enabled their customer details to be stolen

after reading the FAQ again – no my question has not many answered so I will ask again ARE THE FUNDS WE HAD IN OUR WALLETS SAFE?????

Yes, that’s a questions that should have been included in the FAQ and we are discovering new ones to update it with all the time. When PSN is restored, friends lists, trophies and wallet funds will all be exactly as they were before.

@35you log in using your mail so you can just change your contact mail in account settings. done this before and you loose nothing. besides friend list and trophies are what concern you? you’re not bothered by the fact that your private informations are not private anymore (and your credit card information also)?

never used creditcard on psn for this type off reasons only PSN cardspersonal information well there ain’t a damn thing we can do about that ourselves as long as their no banking info taken i’m not worried

@ AgrielWell said. It baffles me that PR always fails to deliver, when worst case scenarios appear.You could really get the impression that they have no idea, that open communication usually helps to brighten up negative events.

@ TieskeYeah, that also surprised me. You’d think it would be quit logical to directly contact and warn your customers. I guess Sony prefers to reach theirs via TV and newspapers?

May I just say that EVERYTHING will be forgiven IF you get Zipper to ADD REGIONAL LOBBIES to SOCOM 4. We’ll all be too busy having fun playing with our peers to complain. Rather than a) not playing at all or b) playing for a bit then giving up because you’ve foolishly bunged UK players with US players. WE ARE NOT THE SAME. Bring back the COMMUNITY feel to SOCOM 4 and I’ll tattoo my credit card information onto Jack Tretton’s backside if he wants.

@dgnflythat’s wise. i believe i’m not really threatened either cause i use virtual credit card but it just pisses me off that those information are out there. if i wanted them public i’d post them on facebook but thanks to sony it’s not my decision anymore:) plus now i’ll have to change my password (i really liked my password)

apparently according to my bank / credit card company – the cost of identity protection is £79.95 a year – so as our details have been compromised – breeched- stolen is Sony going to be implementing and covering the cost of said protection?

after having had my identity stolen once before (when my purse was stolen) – I one day awoke to find I was being audited because of suspicions of failing to pay tax for a job I never had after finding out I was supposedly a construction worker working on government contracts -in reality I was working at Tower Records in the mail order department – fortunately for me the man working on my case was able to see that a sknny little industrial caucasion female with shaved head and piercings was not exactly the kind of person who would be hired by the government to build anything – confirmation then came from the company who supposedly employed me – which I then found out – no I was not the skinny female who I had always known by my reflection in the m...

apparently according to my bank / credit card company – the cost of identity protection is £79.95 a year – so as our details have been compromised – breeched- stolen is Sony going to be implementing and covering the cost of said protection?

after having had my identity stolen once before (when my purse was stolen) – I one day awoke to find I was being audited because of suspicions of failing to pay tax for a job I never had after finding out I was supposedly a construction worker working on government contracts -in reality I was working at Tower Records in the mail order department – fortunately for me the man working on my case was able to see that a sknny little industrial caucasion female with shaved head and piercings was not exactly the kind of person who would be hired by the government to build anything – confirmation then came from the company who supposedly employed me – which I then found out – no I was not the skinny female who I had always known by my reflection in the mirror but was in fact a burly man of African descent – not all persons whose identity is stolen is so blatantly obvious to spot – so what is Sony going to do about protecting its customer base from idenity fraud?